SQL Injection Vulnerability in Cisco Wireless Control System
CVE-2010-2826
Currently unrated
Key Information:
- Vendor
- Cisco
- Vendor
- CVE Published:
- 17 August 2010
Summary
An SQL injection vulnerability exists in Cisco Wireless Control System (WCS) 6.0.x prior to version 6.0.196.0. This security flaw allows remote authenticated users to manipulate SQL queries through malicious input, specifically targeting the ORDER BY clause in the Client List screens. By exploiting this vulnerability, attackers could execute arbitrary SQL commands, potentially leading to unauthorized data access or modification.
References
Timeline
Vulnerability Reserved
Vulnerability published